Restricted Python injection

Crafted URL allows arbitrary (sandboxed) Python to be run.

The danger here is quite low: it does not allow the user to elevate her privileges, and merely allows excessively expensive operations to be performed. In conjunction with other attacks, it could be used to extract or modify privileged information.

Information for security researchers

CVE Identifier: CVE-2012-5488
Impact Subscore: 2.9
Exploitability Subscore: 10
Overall CVSS Score: 5
Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-95